This repository contains the Next.js frontend for NeuroWealth. It's a demo-ready frontend with mock authentication, UI components, and client-side adapters that let the app run without a backend.
Assumptions: This frontend targets the Stellar testnet by default (NEXT_PUBLIC_STELLAR_NETWORK=testnet). For production, configure NEXT_PUBLIC_STELLAR_NETWORK=mainnet and provide a real API backend via NEUROWEALTH_API_BASE_URL.
Requirements: Node.js 20+, Yarn (Corepack supported)
Install and run:
yarn install
yarn devRun tests:
yarn testInspect bundle size locally:
yarn analyzeThis runs a production build with the Next.js bundle analyzer enabled via ANALYZE=true.
The report is written under .next/analyze/, which is already ignored by git.
Use this command when checking for bundle regressions before merging. We do not run it in CI because analyzer builds are slower than the normal test/lint/build pipeline.
- Next.js 14 app under
src/app - Client-side mock auth (
src/lib/mock-auth.ts) that persists an in-browser session inlocalStorageand mirrors it to a non-httpOnly cookie somiddleware.tscan perform edge-side redirects. - Edge middleware (
middleware.ts) that protects routes under/dashboard,/profile, and/settingsand redirects unauthenticated users to/login?from=.... - Tests using the Node test runner (match:
src/**/*.test.ts).
src/
├── app/ # Next.js App Router — routes and layouts
│ ├── (auth)/ # Auth-gated route group (login, onboarding)
│ ├── (errors)/ # Standalone error pages (401 unauthorized, 403 forbidden)
│ ├── api/ # Route handlers
│ ├── dashboard/ # Protected dashboard shell and sub-routes
│ │ ├── dev-errors/ # Dev-only error trigger routes (hidden in production)
│ │ ├── portfolio/
│ │ ├── activity/
│ │ ├── strategy/
│ │ └── settings/
│ ├── not-found.tsx # Global 404 page
│ └── error.tsx # Global 500 / uncaught error boundary
├── components/ # Shared UI components (ui/, dashboard/, auth/, layout/)
├── features/ # Feature-scoped logic co-located with its UI
├── hooks/ # Reusable React hooks
├── lib/ # Pure utilities, constants, and adapters
│ ├── mock-auth.ts # Client-side mock auth session
│ ├── auth-constants.ts # Canonical storage/cookie key names
│ └── …
└── types/ # Shared TypeScript types and interfaces
TypeScript strict mode is enabled (tsconfig.json → "strict": true).
Lint runs via yarn lint (ESLint + eslint-config-next).
See docs/env.md for the full variable reference, including the public/server-only split,
Edge middleware constraints, and runtime validation notes.
The React provider tree is composed in src/components/ClientProviders.tsx in the following order (outer to inner):
ClientProviders
├── SandboxProvider # Dev-only error trigger context
├── ThemeProvider # Dark/light theme with localStorage persistence
├── I18nProvider # Internationalization & locale state
├── AuthProvider # User session: localStorage ↔ cookie sync
├── WalletProvider # Stellar wallet connection (network-aware)
├── ToastProvider # Toast notifications & alerts
└── CookieConsentProvider # Privacy & cookie banner state
└── ErrorTrackingMount # Global error tracking (unhandledrejection, window errors)
└── children
└── CookieBanner, PrivacyModal
Provider order matters: Each provider depends on layers below it. For example, ThemeProvider is initialized before AuthProvider so theme preferences load before the user checks authentication.
-
Authentication:
- User signs in via
/login→AuthContext.signIn()→mock-auth.tscreates session - Session stored in
localStorage(key:SESSION_STORAGE_KEY) - Session mirrored to httpOnly cookie (key:
SESSION_COOKIE_NAME) for middleware - Middleware (
middleware.ts) reads cookie to redirect unauth users - Sign-in on other tabs triggers
storageevent → all tabs sync
- User signs in via
-
Stellar wallet integration:
WalletProviderresolves network based onNEXT_PUBLIC_STELLAR_NETWORKenv (testnet/mainnet)- Horizon URL configurable via
NEXT_PUBLIC_STELLAR_HORIZON_URL(falls back to public nodes) useWallet()hook provides wallet state and account info
-
API requests:
- Browser → Next.js
/api/*routes: authenticated via httpOnly cookie (no extra header needed) - Next.js → Real backend: use
createServerApiClient()in route handlers to inject Bearer token (fromNEUROWEALTH_API_AUTH_TOKENenv) - All responses must conform to the standard envelope (see NEUROWEALTH_API.md)
- Demo mode (no backend): all
/api/*routes return mock data
- Browser → Next.js
-
Internationalization:
- Active locale stored in
localStorage(key fromauth-constants.ts) dictionariesmap locale codes to message objects- All formatters (
formatCurrency,formatDate, etc.) usegetActiveIntlLocale()for locale-aware output
- Active locale stored in
-
Theme:
- Light/dark mode persisted to
localStorage - CSS variables injected into
:rootfor tailwind theming ThemeProviderinitializes before auth so theme loads without flash
- Light/dark mode persisted to
The mock auth flow stores the session in localStorage using SESSION_STORAGE_KEY and mirrors it into a cookie named SESSION_COOKIE_NAME. This allows the browser UI and Next.js middleware to agree on authentication state in demo setups. See src/lib/auth-constants.ts for the canonical values.
- Follow existing patterns for components and hooks.
- Tests live next to logic under
src/and run viayarn test. - For bundle-size checks, run
yarn analyzelocally and review the generated report before changing code that affects route or vendor bundles. - Use
data-qaonly for smoke-flow anchors, with kebab-case names that describe the flow and action, for examplelanding-primary-cta-button,wallet-connect-button, andtransaction-submit-button.
To report a vulnerability or for our handling and response expectations, see SECURITY.md. Please do not file public issues for security reports.
Internal/demo project — see repository owner for license details.